Mindset

From embedded systems to servers, computer security relies first and foremost on the cryptographic primitives involved in authentication, confidentiality and integrity of users data. Ensuring that cryptographic implementations are robust against physical or remote adversaries requires to deploy specially crafted protections against a wide range of attacks. None of the protections that exist in real world systems are immune against side-channel, fault or white-box attacks, therefore these protections often rely on their design secrecy. Their robustness is then short term and will eventually be shaken when exposed to the right attack, e.g. after the protection method is made public.

At NinjaLab we don’t see this as a fatality, and actively work on improving the security of cryptographic implementations to build the future of robust products: protection method standards that can be reviewed and evaluated by the research community and then implemented by the industry.

Developing protections means being able to evaluate them. The evaluation of robust implementations is a very dynamic research topic that involves many disciplines such as electronics, signal processing, statistics / machine learning, reverse engineering, computer architecture, and of course, cryptanalysis. NinjaLab intends to build and improve state-of-the-art test platforms for physical side-channel and fault attacks but also software tools for software (passive and active) attacks.